The news follows the Guardian’s April report that Crosby’s company was behind a series of hugely influential pro-Brexit Facebook groups, which spent as much as £1m seeding the idea of a no-deal exit from the EU in the minds of the British public.

But the latest revelations reveal that the company has pursued that approach more broadly, in the service of previously unreported corporate interests and foreign governments.

And they expose a major flaw in Facebook’s political transparency tools, which make it possible for Crosby’s company – which boasts on its website that it deploys “the latest tools in digital engagement” – to use the social network to run professional-looking “news” pages reaching tens of millions of people on highly contentious topics, without apparently disclosing that they are being overseen by CTF Partners on behalf of paying clients.

The loophole CTF used to engage in multiple astroturfing campaigns isn’t really a loophole. It’s part of the design. That it was used in this fashion makes it appear to be a loophole, but when the business is engagement, it only makes sense to allow businesses to run multiple pages from a single account.

The minimal reporting requirements on campaign pages only requires a public face for pages — one person who can be viewed as the entity behind the content. Business manager pages don’t even require this. The astroturf campaigns originated from a business manager account. Most of the pages posted legitimate news articles, making them appear to be purely concerned with spreading information. Behind the scenes, CTF was gathering data on views, reactions, and sharing, figuring out which hot buttons to start pushing once the objective facade was dropped.

The Guardian’s reporting has resulted in many of these pages being memory-holed by CTF. Even so, Facebook’s view on the coordinated astroturf campaigns is that they did not violate Facebook’s terms of use, or even its new focus on disrupting the flow of “fake news.”

[Facebook] said the network of pages pretending to be news sources on behalf of corporate and state clients did not break their rules on “coordinated inauthentic behaviour”, a term used to shut down disinformation networks overseen by foreign governments in Russia and Iran. This is because Crosby’s employees used their real names on internal Facebook administration tools – information that is not available to the general public.

Real names make everything OK. So, it’s not even a loophole. It’s just the way the ecosystem works. In Facebook’s case, everything on the backend looked fine, as did the facade-building on the front end. When the facade was torn off by this investigation, Facebook’s response isn’t so much defensive as it is “this is how our platform works.” That everything working correctly meant the construction and deployment of coordinated disinformation is indicative of the limitations of moderation, not necessarily Facebook’s tacit endorsement of fully utilizing the tools it provides to businesses.

But that’s how Facebook users end up viewing pages purporting to provide news about the war in Yemen that are run by UK lobbyists on behalf of their Saudi government patrons. And that’s how persecuted conservative-adjacent entities continue to flourish, despite their protestations otherwise. The sad truth is at-scale moderation will never work well enough to banish one end of the political spectrum. It can’t even limit the stuff it’s supposed to be limiting at this point. And that’s after several years and millions of dollars.